ArthurHoaro [Sat, 10 Oct 2020 15:40:26 +0000 (17:40 +0200)]
Feature: bulk creation of bookmarks
This changes creates a new form in addlink page allowing to create
multiple bookmarks at once more easily. It focuses on re-using as much
existing code and template component as possible.
These changes includes:
- a new form in addlink (hidden behind a button by default),
containing a text area for URL, and tags/private status to apply to
created links
- this form displays a new template called editlink.batch, itself
including editlink template multiple times
- User interation in this new templates are handle by a new JS script
(shaare-batch.js) making AJAX requests, and therefore does not need page
reloading
- ManageShaareController has been split into 3 distinct controllers:
+ ShaareAdd: displays addlink template
+ ShaareManage: various operation applied on existing shaares
(change visibility, pin, deletion, etc.)
+ ShaarePublish: handles creation/edit forms and saving Shaare's
form
- Updated translations
ArthurHoaro [Fri, 16 Oct 2020 09:50:53 +0000 (11:50 +0200)]
Feature: add weekly and monthly view/RSS feed for daily page
- Heavy refactoring of DailyController
- Add a banner like in tag cloud to display monthly and weekly links
- Translations: t() now supports variables with optional first letter
uppercase
ArthurHoaro [Fri, 16 Oct 2020 18:17:08 +0000 (20:17 +0200)]
Feature: Share private bookmarks using a URL containing a private key
- Add a share link next to « Permalink » in linklist (using share icon
from fork awesome)
- This link generates a private key associated to the bookmark
- Accessing the bookmark while logged out with the proper key will
display it
Ganesh Kandu [Tue, 27 Oct 2020 12:12:35 +0000 (17:42 +0530)]
Replaced PHP_EOL to "\n"
i was getting error
```
An error occurred while parsing JSON configuration file (data/config.json.php): error code #4
➜ Syntax error
Please check your JSON syntax (without PHP comment tags) using a JSON lint tool such as jsonlint.com.
```
after debug i found
```php
$data = str_replace(self::getPhpHeaders(), '', $data);
$data = str_replace(self::getPhpSuffix(), '', $data);
```
doesn't removing php header and php suffix
cause of this issue was PHP_EOL represents the endline character for the current system. if my ```config.json.php``` was encoded with unix ( LF ) and php running on windows windows encoding ( CR LF ) is not same as unix encoding ( LF ) so ```str_replace``` doesn't replace strin then it causes issue.
ArthurHoaro [Wed, 21 Oct 2020 11:12:15 +0000 (13:12 +0200)]
Feature: add a Server administration page
It contains mostly read only information about the current Shaarli instance,
PHP version, extensions, file and folder permissions, etc.
Also action buttons to clear the cache or sync thumbnails.
Part of the content of this page is also displayed on the install page,
to check server requirement before installing Shaarli config file.
ArthurHoaro [Thu, 15 Oct 2020 09:46:24 +0000 (11:46 +0200)]
Asynchronous retrieval of bookmark's thumbnails
This feature is based general.enable_async_metadata setting and works with existing metadata.js file.
The script is compatible with any template:
- the thumbnail div bloc must have attribute
- the bookmark bloc must have attribute with the bookmark ID as value
ArthurHoaro [Mon, 12 Oct 2020 09:35:55 +0000 (11:35 +0200)]
Feature: highlight fulltext search results
How it works:
1. when a fulltext search is made, Shaarli looks for the first
occurence position of every term matching the search. No change here,
but we store these positions in an array, in Bookmark's additionalContent.
2. when formatting bookmarks (through BookmarkFormatter
implementation):
1. first we insert specific tokens at every search result positions
2. we format the content (escape HTML, apply markdown, etc.)
3. as a last step, we replace our token with displayable span
elements
Cons: this tightens coupling between search filters and formatters
Pros: it was absolutely necessary not to perform the
search twice. this solution has close to no impact on performances.
ArthurHoaro [Fri, 16 Oct 2020 10:47:11 +0000 (12:47 +0200)]
Support using Shaarli without URL rewriting
- Shaarli can be fully used by prefixing any URL with /index.php/
- {$base_path} used in templates already works with this configuration
- Assets path (outside of theme's assets) must be prefixed with {$root_url}/
- Documentation section in « Server configuration »
Add a setting to retrieve bookmark metadata asynchrounously
- There is a new standalone script (metadata.js) which requests
a new controller to get bookmark metadata and fill the form async
- This feature is enabled with the new setting: general.enable_async_metadata
(enabled by default)
- general.retrieve_description is now enabled by default
- A small rotating loader animation has a been added to bookmark inputs
when metadata is being retrieved (default template)
- Custom JS htmlentities has been removed and mathiasbynens/he
library is used instead
ArthurHoaro [Tue, 6 Oct 2020 15:30:18 +0000 (17:30 +0200)]
Security: fix multiple XSS vulnerabilities + fix search tags with special chars
XSS vulnerabilities fixed in editlink, linklist, tag.cloud and tag.list.
Also fixed tag search with special characters: urlencode function needs to be applied on raw data, before espaping, otherwise the rendered URL is wrong.
Makefile: remove static_analysis_summary from all: target
static_analysis_summary was removed in 37c9c6b#diff-b67911656ef5d18c4ae36cb6741b7965 but not from the all: target dependencies. Therefore running make all always fails.
fixes https://github.com/shaarli/Shaarli/issues/1459
Mostly in order to get rid of deprecated deps, and upgrade vulnerable ones.
- Upgrade webpack from 3.x to 4.x
- Moved babel package to main repo
- Replaced deprecated extract-text-webpack-plugin with extract-text-webpack-plugin
- Replaced deprecated babel-minify-webpack-plugin with terser-webpack-plugin
- Replaced deprecated node-sass with (dart) sass package
- Replaced deprecated sass-lint with stylelint (the rules might be a bit different
Related to #1531: trivy doesn't raise any more issue